The EncroChat Hack
100 Million Messages

//What Was EncroChat

EncroChat was a Dutch-based company that provided encrypted communication devices to paying customers. The service offered modified Android smartphones - typically BQ Aquaris models - stripped of cameras, microphones, GPS, and USB ports. The only functionality was encrypted messaging through EncroChat's proprietary servers hosted in Roubaix, France. Each device cost approximately EUR 1,500 for a six-month subscription, putting it well beyond casual use and squarely in the territory of organized crime.

The platform had been operating since approximately 2016 and grew rapidly as word spread through criminal networks. At its peak, EncroChat served over 60,000 active users, with the highest concentrations in the Netherlands, United Kingdom, Spain, France, and Ireland. The devices featured a "panic button" that could wipe all data instantly, and users operated under handles rather than real names. For years, the platform was considered unbreakable - a private communication channel where criminals could coordinate operations with complete impunity.

//The French Infiltration

The breakthrough came from France's Gendarmerie, specifically the C3N cybercrime unit based in Pontoise. Because EncroChat's servers were physically located in a data center in Roubaix, northern France, French authorities had legal jurisdiction to act. In April 2020, the C3N unit deployed a technical tool - essentially a modified software update - that was pushed to every EncroChat device connecting to the French servers. This implant captured messages before encryption was applied, sending copies directly to investigators.

The operation was conducted under a Joint Investigation Team (JIT) established by Eurojust, with France and the Netherlands as the lead partners. Dutch police, through their Digital Unit, received the intercepted data in near real-time and began analyzing the intelligence. The sheer volume was staggering - millions of messages per day, covering everything from cocaine logistics to murder-for-hire negotiations. For approximately two months, investigators had an open window into the operations of Europe's most dangerous criminal organizations.

//Operation Venetic and the UK Response

In the United Kingdom, the EncroChat intelligence was processed under Operation Venetic - the largest and most significant law enforcement operation in British history. The UK's National Crime Agency (NCA) received data from approximately 10,000 British EncroChat users, many of whom were involved in drug trafficking, firearms dealing, and organized violence. Within weeks of the data being shared, the NCA launched coordinated raids across the country.

The results were immediate and dramatic. Over 800 arrests were made in the UK alone within the first months. Seized assets included over two tonnes of cocaine, multiple firearms, luxury vehicles, and tens of millions in cash. The operation exposed networks that had operated with impunity for years - from Liverpool drug gangs to London-based laundering operations. Several high-profile criminals who had evaded detection for decades were identified and arrested based solely on their EncroChat communications.

//The European Fallout - Thousands of Arrests

Across Europe, the EncroChat data triggered a cascade of operations. In the Netherlands, police dismantled multiple drug labs and intercepted shipments at Rotterdam port. The intelligence directly contributed to the Marengo investigation into Ridouan Taghi's network, providing critical context about the organization's communication methods and logistics. In Spain, German, Italian, and Scandinavian jurisdictions, parallel investigations led to hundreds of additional arrests.

The total numbers across all participating countries are difficult to pin down precisely, but conservative estimates place total arrests at over 6,000 within the first two years. Hundreds of tonnes of drugs were seized, along with firearms, explosives, and billions of euros in criminal assets. Perhaps more importantly, the EncroChat data provided investigators with an unprecedented map of European organized crime - revealing not just individual operations but the structural relationships between networks that had previously been invisible.

//The Warning Message - and the Migration to Sky ECC

On June 13, 2020, EncroChat sent a warning message to all its users: the platform had been compromised. The message advised users to destroy their devices immediately. For many, the warning came too late - months of incriminating conversations had already been captured. But for others, it triggered a mass migration to alternative encrypted platforms, with Sky ECC being the most popular destination.

This migration would prove catastrophic. Belgian police were already working to crack Sky ECC, and when the operation succeeded in March 2021, they captured communications from many of the same criminals who had fled EncroChat. The intelligence continuity was remarkable - investigators could track networks across platforms, building cases that spanned both the EncroChat and Sky ECC eras. The lesson was clear: the fundamental vulnerability was not any single platform but the criminal reliance on centralized encrypted services.

//Legal Challenges and Lasting Impact

The EncroChat operation has faced significant legal challenges across Europe. Defense lawyers have argued that the mass interception of communications violated privacy rights and that evidence obtained through the hack should be inadmissible. Courts in Germany initially ruled that EncroChat evidence could not be used, though this was later overturned. In the UK, the Court of Appeal upheld the admissibility of EncroChat evidence in 2022, setting a precedent for future cases. French courts have similarly ruled in favor of admissibility. Despite these legal battles, the operational impact of the EncroChat hack is undeniable. It fundamentally changed how law enforcement approaches encrypted criminal communications and demonstrated that technical infiltration of supposedly secure platforms is both possible and devastatingly effective. Combined with the subsequent Sky ECC and ANOM operations, the EncroChat hack ushered in a new era of signals intelligence in the fight against organized crime - one where the criminals' own messages became the primary evidence against them.